What users are saying about
89 Ratings
4 Ratings
Score 8.6 out of 100
89 Ratings
Score 8.7 out of 100

Likelihood to Recommend

Azure Sentinel

If you are new to SIEM and have not invested in pre-existing SIEM solutions, Azure Sentinel is a great way to start your SIEM journey. This is especially true if you are involved in other Microsoft products or are using Office 365 or Azure; it would be very easy to deploy and you will have the logs in no time.
Anonymous | TrustRadius Reviewer

IBM QRadar

If you have a small-to-large company looking for a SIEM solution that "does the job" and is easy to deploy/use, QRadar is your tool. If you're looking for a complex solution that supports integration with data-mining solutions (e.g. ELK), then you may need a different solution. Overall, QRadar fits the needs of 99% of the companies. It is one of the easiest SIEM solutions to deploy and use.
Anonymous | TrustRadius Reviewer

Feature Rating Comparison

| Feature | Azure Sentinel | IBM QRadar |
|---|---|---|
| Security Information and Event Management (SIEM) | 7.8 | 8.6 |
| Centralized event and log data collection | 9.0 | 9.2 |
| Correlation | 9.0 | 9.8 |
| Deployment flexibility | 6.0 | 8.4 |
| Integration with Identity and Access Management Tools | 8.0 | 7.7 |
| Custom dashboards and views | 7.0 | 8.5 |
| Event and log normalization | | 9.2 |
| Host and network-based intrusion detection | | 7.6 |

Pros

Azure Sentinel

  • Very easy to set up
  • Pay as you use--month-to-month subscription--no lengthy contracts
  • Works very well with other Microsoft tools as it has native integration
  • Cheaper than other SIEM products
  • No need to deploy any infrastructure on-premises to manage it
  • Very fast deployment
Anonymous | TrustRadius Reviewer

IBM QRadar

  • It allows us to have visibility to potential problems both on premise and in the cloud which was key as we have become a hybrid consumer.
  • It has automated monitoring which has allowed us to see threats faster and also allowed us to be proactive.
  • By having over 20,000 employees, QRadar has also allowed us to be aware of internal threats that are brought into the company by unsuspecting employees.
Anonymous | TrustRadius Reviewer

Cons

Azure Sentinel

  • Better integration with third-party tools
  • More connectors for third-party tools
  • Better online training available
  • More built-in queries
Anonymous | TrustRadius Reviewer

IBM QRadar

  • There is a steep learning curve compared to other platforms. QRadar is incredibly powerful but does require some homework.
  • There is a glaring lack of threat feed utilization outside of STIX/TAXII which remains very limited at this time.
  • May require a considerable amount of tuning during deployment with very little "out of the box" offense information.
Anonymous | TrustRadius Reviewer

Usability

Azure Sentinel

Azure Sentinel 9.0
Based on 1 answer
I think the solution is robust, very usable, and user friendly. Overall it is a very solid product that might not have all the functionality that Splunk has, but considering the time it has been on the market, I think it's really good. Having in mind how much Microsoft has invested in Cloud (i.e., Azure), this product will only grow stronger and better. I have been using it for a year, and since we started using it, there have been a lot of improvements and the number of connectors has increased.
Anonymous | TrustRadius Reviewer

IBM QRadar

No score
No answers yet
No answers on this topic

Support Rating

Azure Sentinel

Azure Sentinel 6.0
Based on 1 answer
The support is standard Microsoft support. It's not bad, but far from the best in the industry. Compared to not having too many online courses/training available, this can be a roadblock, but in all honesty, deployment and day-to-day operations are easy and the product is intuitive. If you know how to read and understand Windows logs and have basic knowledge in any query language, you won't have much difficulty getting around. If you have some urgent investigation to do and you are stuck in understanding what happened and have difficulty correlating logs from different systems, other products probably will have better support where you can call someone and have a screen sharing session/assistance in finding what's going on, but you pay a premium for that, so at the end it all depends on your budget, technical skills, and comfort level.
Anonymous | TrustRadius Reviewer

IBM QRadar

IBM QRadar 8.5
Based on 4 answers
I've had many issues with QRadar, and the support would hear and respond to my question all the time (more so than in the case of IBM Resilient support). They were very quick to respond, were helpful, and provided remote access.
larbi belmiloud | TrustRadius Reviewer

Alternatives Considered

Azure Sentinel

Azure Sentinel is much more cost effective and affordable than FortiSIEM and especially compared to Splunk Enterprise. Azure Sentinel is easier and faster to implement and does not require having any on-premises setup. It's purely software. There is no need to install any hardware on your network and you do not need to tap into the network and sniff all the traffic. All the software components of the solutions reside in Azure. You need to send the logs to Azure. The only thing that needs to be done on the servers where you want to monitor logs is install a small, small agent that will have the info of your Log Analytics and a key to be able to connect and upload the logs. If you are versed in Microsoft technology, there is not much training required to get it going. There is the KQL language for writing queries that might be kind of new but then, on the other hand, any SIEM product has its own subscription language and syntax that needs to be learned, so Azure Sentinel is no different.
Anonymous | TrustRadius Reviewer

IBM QRadar

Splunk Enterprise Security I've found is the easiest of all major SIEMs to deploy due to its event normalization capabilities. It lags behind QRadar in event correlation but is better in user GUI customization. One issue where QRadar beats it is in cost. Splunk starts off cheap, but as you expand (due to its licensing model), it quickly becomes very expensive. It is the monster that keeps on feeding.
Douglas Concepcion | TrustRadius Reviewer

Return on Investment

Azure Sentinel

  • It provides us with visibility in what's going on in our Azure deployments, Office 365 and on-premises servers
  • Allows us to investigate incidents
  • Allows us to detect suspicious behavior
  • Fulfills the requirement to have SIEM/centralized log system that is required by security standards and certifications
Anonymous | TrustRadius Reviewer

IBM QRadar

  • QRadar has helped us improve our rating when going through an IT audit.
  • It has allowed us to answer some security related contract questions much more positively when going through contract negotiation.
  • It helps us to protect our company and investors from outside and internal threats.
Anonymous | TrustRadius Reviewer

Pricing Details

Azure Sentinel

General

Free Trial
Yes
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Azure Sentinel Editions & Modules

| Edition | Price |
|---|---|
| Azure Sentinel | $2.46 [1] |
| 100 GB per day | $123.00 [2] |
| 200 GB per day | $221.40 [2] |
| 300 GB per day | $319.80 [2] |
| 400 GB per day | $410.00 [2] |
| 500 GB per day | $492.00 [2] |
| More than 500 GB per day | $492.00 + $98.40 [3] |

  1. per GB ingested
  2. per day
  3. per day/plus each additional 100 GB increment

IBM QRadar

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

IBM QRadar Editions & Modules

| Edition | Price |
|---|---|
| Cloud | $800.00 [1] |

  1. Per Month

Rating Summary

| Rating | Azure Sentinel | IBM QRadar |
|---|---|---|
| Likelihood to Recommend | 10.0 | 8.8 |
| Usability | 9.0 | |
| Support Rating | 6.0 | 8.5 |
